package com.movieproject.src;

import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;

import javax.servlet.http.HttpServletRequest;

import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.stereotype.Controller;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.SessionAttributes;
import org.springframework.web.servlet.ModelAndView;

import com.movieproject.daos.UserDAO;
import com.movieproject.dataobjects.User;

@Controller
@Transactional
public class UserAccountController {
	
	@Autowired
	private UserDAO userDAO;
	
	@RequestMapping(value = "/EditAccount", method = RequestMethod.GET)
	public ModelAndView editUserAccount(HttpServletRequest request) {
		ModelAndView mav = new ModelAndView();

		int uID = 1;
		if (request.getSession().getAttribute("uName") != null)	// check to see if session var uName exist
			uID = (Integer) request.getSession().getAttribute("uName");
		
		mav.getModelMap().addAttribute("currentUser", userDAO.getUser(uID));
		
		return mav;
	}
	
	@RequestMapping(value = "/EditPassword", method = RequestMethod.GET)
	public ModelAndView editUserPassword(HttpServletRequest request) {
		ModelAndView mav = new ModelAndView();
		int uID = 1;
		if (request.getSession().getAttribute("uName") != null)	// check to see if session var uName exist
			uID = (Integer) request.getSession().getAttribute("uName");
		
		mav.getModelMap().addAttribute("currentUser", userDAO.getUser(uID));
		
		return mav;
	}
	
	/**
	 * Use for updating user personal information.
	 * @param fName - First name.
	 * @param lName - Last name.
	 * @param email - Email address.
	 * @param address - Address.
	 * @param city - City.
	 * @param state - State.
	 * @param zip - Zip code.
	 * @param request - Http servelet request
	 * @return Page redirect to.
	 */
	@RequestMapping(value = "/UpdateSuccess", method = RequestMethod.POST)
	public String updateUserInfo(@RequestParam("fName") String fName, @RequestParam("lName") String lName,
			@RequestParam("email") String email, @RequestParam("address") String address, @RequestParam("city") String city, 
			@RequestParam("state") String state, @RequestParam("zip") String zip, HttpServletRequest request) {

		// Get user ID from session
		int uID = 1; // set default
		if (request.getSession().getAttribute("uName") != null)	// check to see if session var uName exist
			uID = (Integer) request.getSession().getAttribute("uName");
		
		// Grab user base on userID
		User user = userDAO.getUser(uID);
		
		// Modified user object
		user.setFirstName(fName);
		user.setLastName(lName);
		user.setEmail(email);
		user.setAddress(address);
		user.setCity(city);
		user.setState(state);
		user.setZip(zip);
		
		// Update user object and save to database.
		userDAO.updateUser(user);
		
		return "UpdateSuccess";
		
	}
	
	/**
	 * Use for updating user password
	 * @param cPassword - current password
	 * @param pPass - new password 
	 * @param nPassTwo - new password enter in again for confimation
	 * @param request - Http servelet response
	 * @return - Page redirecting to.
	 * @throws NoSuchAlgorithmException
	 * @throws InvalidKeySpecException
	 */
	@RequestMapping(value="/updatepw", method = RequestMethod.POST)
	public ModelAndView updateUserPasswordInfo(@RequestParam("oP") String cPassword, @RequestParam("nP") String pPass, 
			@RequestParam("nPDup") String nPassTwo, HttpServletRequest request) throws NoSuchAlgorithmException, InvalidKeySpecException {
		ModelAndView mav = new ModelAndView();
		String message = "Please enter your old password and the new password.";
		request.getSession().setAttribute("pwMsg", message);
		mav.getModelMap().addAttribute("pwMsg", message);
		int uID = 1;
		if (request.getSession().getAttribute("uName") != null)	// check to see if session var uName exist
			uID = (Integer) request.getSession().getAttribute("uName");
		
		User user = userDAO.getUser(uID);
		String passHash = "";
		
		// if user enter in correct password
		if(AppSecurity.validateHash(cPassword, user.getPassword())) {

			//if the new passwords match each other. Update the password
			if (pPass.equals(nPassTwo)) {
				passHash = AppSecurity.createHash(pPass);
				user.setPassword(passHash);
				userDAO.updateUser(user);
				message = "Password change success";
				mav = new ModelAndView("UpdateSuccess", "pwMsg", message);
			} else {
				message = "New password does not match. Please try again.";
				mav = new ModelAndView("EditPassword", "pwMsg", message);
			}
		} else {
			message = "Old password is not correct. Please try again.";
			mav = new ModelAndView("EditPassword", "pwMsg", message);
		}
		
		mav.getModelMap().addAttribute("editUser", userDAO.getUser(uID));
		
		return mav;
		
	}

}
